On Tue, 2018-09-04 at 15:18 -0400, Alan Stern wrote:
> On Tue, 4 Sep 2018, Johan Hovold wrote:
> 
> > On Tue, Sep 04, 2018 at 12:21:09PM +0200, Oliver Neukum wrote:
> > > > On Tue, 2018-09-04 at 11:31 +0200, Johan Hovold wrote:
> > > > On Tue, Sep 04, 2018 at 10:44:41AM +0200, Oliver Neukum wrote:
> > > > > For those people who run with panic_on_warn a WARN() triggered
> > > > > from user space is a DOS. It is worth returning to dev_err()
> > > > 
> > > > I think this should be dev_warn() unless you want to bring back the
> > > > returning of errors on these conditions as well (i.e. as was the case
> > > > prior to 0cb54a3e47cb ("USB: debugging code shouldn't alter control
> > > > flow")).
> > > 
> > > Should I? A warning in syslog is pretty hardcore, so I have no idea
> > > whether dev_warn() is enough.
> > 
> > Perhaps there are two sides to this. If something really should not be
> > happening and needs to be addressed (i.e. it's a driver bug) then
> > dev_WARN is warranted. If user space can pass in bogus flags that
> > get propagated to USB core, perhaps those need to be sanitised sooner
> > (in the vein of "don't trust anything coming from user space").
> 
> I'd go along with this.  The usbfs code should fix or reject URBs 
> submitted from userspace with bogus flags or an incorrect pipe value.  
> (In fact, we already sanitize the flags to some extent, but we could do 
> more: ISO_ASAP should apply only to isochronous URBs, and ZERO_PACKET 
> should apply only to bulk-OUT URBs.)
> 
> Similar errors coming from kernel drivers should be reported as actual 
> bugs.

Very well, I am making a patch to do that.

        Regards
                Oliver
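
Added example, not code from this thread or from the kernel: a user-space C model of the "fix or reject" policy discussed above, where flags that do not apply to the transfer are stripped and malformed requests are refused. The EX_ names, the flag values and the ep_type parameter are constructed for illustration, and only the two flags named in the thread are modelled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for usbfs transfer types and flags (assumptions). */
enum ex_xfer { EX_ISO, EX_INTERRUPT, EX_CONTROL, EX_BULK };
#define EX_ISO_ASAP     0x02u
#define EX_ZERO_PACKET  0x40u
#define EX_KNOWN_FLAGS  (EX_ISO_ASAP | EX_ZERO_PACKET)
#define EX_DIR_IN       0x80u   /* bit 7 of a USB endpoint address means IN */

struct ex_urb {
    enum ex_xfer type;  /* transfer type requested by user space */
    uint8_t ep_addr;    /* endpoint address requested by user space */
    uint32_t flags;     /* flag bits requested by user space */
};

/*
 * Check a user-supplied request against the endpoint's real transfer type
 * (ep_type comes from the device descriptor, never from the caller).
 * Returns 0 after rewriting urb->flags, or -EINVAL if the request is refused.
 */
int ex_sanitize_urb(struct ex_urb *urb, enum ex_xfer ep_type)
{
    uint32_t allowed = 0;
    int is_in = (urb->ep_addr & EX_DIR_IN) != 0;

    if (urb->flags & ~EX_KNOWN_FLAGS)
        return -EINVAL;             /* reject: unknown flag bits */
    if (urb->type != ep_type)
        return -EINVAL;             /* reject: type disagrees with endpoint */

    /* Fix: keep only the flags that are meaningful for this transfer. */
    if (ep_type == EX_ISO)
        allowed |= EX_ISO_ASAP;     /* ISO_ASAP: isochronous only */
    if (ep_type == EX_BULK && !is_in)
        allowed |= EX_ZERO_PACKET;  /* ZERO_PACKET: bulk-OUT only */

    urb->flags &= allowed;
    return 0;
}

int main(void)
{
    /* Constructed request: bulk-IN endpoint 0x81 with both flags set. */
    struct ex_urb u = { EX_BULK, 0x81, EX_ISO_ASAP | EX_ZERO_PACKET };
    int rc = ex_sanitize_urb(&u, EX_BULK);
    printf("rc=%d flags=0x%02x\n", rc, (unsigned)u.flags);
    return 0;
}
```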
